'Net Features : securityhttp://www.websitemagazine.com/content/blogs/posts/archive/tags/security/default.aspxTags: securityenCommunityServer 2008 SP2 (Build: 31104.93)One in Three Cyberattacks Result in a Security Breachhttp://www.websitemagazine.com/content/blogs/posts/archive/2016/11/03/one-in-three-cyberattacks-result-in-a-security-breach.aspxThu, 03 Nov 2016 14:35:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:58304Pete Prestipino0http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=58304http://www.websitemagazine.com/content/blogs/posts/archive/2016/11/03/one-in-three-cyberattacks-result-in-a-security-breach.aspx#comments<p><strong>Overconfidence in your IT department may be putting your organization at a higher risk for attack.&nbsp;</strong></p>
<p>A new security survey from Accenture revealed that in the past twelve months, roughly one in three targeted attacks resulted in an actual security breach. Still, a majority of security executives (75 percent) surveyed are confident in their ability to protect their enterprises from cyberattacks.</p>
<hr />
<h4><img height="20" width="20" src="http://www.websitemagazine.com/images/blog/subarrow.png" style="float:left;" alt="" />&nbsp;<a href="http://www.websitemagazine.com/content/blogs/subscribe/default.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent">SUBSCRIBE to Website Magazine &amp; Accelerate &#39;Net Success</a></h4>
<hr />
<p>The survey reveals that the length of time taken to detect these security breaches often compounds the problem, as more than half of executives (51 percent) disclose that it takes months to detect sophisticated breaches, and as many as a third of all successful breaches are not discovered at all by the security team.</p>
<p>What this means is that while enterprises understand that it is time to get smarter about how security budgets are spent, the sentiment among those surveyed indicated they will only continue to pursue the same countermeasures instead of investing in new and different security controls in order to mitigate threats. &nbsp;</p>
<p>For example, Accenture found that given extra budget, 44 percent to 54 percent of respondents would &ldquo;double down&rdquo; on their current cybersecurity spending priorities (protecting the company&#39;s reputation) safeguarding company information, and protecting customer data) &ndash; even though those investments have not significantly deterred regular and ongoing breaches. Far fewer companies would invest the extra funds in efforts that would directly affect their bottom line, such as mitigating against financial losses (28 percent) or investing in cybersecurity training (17 percent).</p>
<p>&ldquo;Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behavior requires more than the best practices and perspectives of the past. There needs to be a fundamentally different approach to security protection starting with identifying and prioritizing key company assets across the entire value chain,&rdquo; said Kevin Richards, managing director, Accenture Security, North America. &ldquo;It is also clear that the need for organizations to take a comprehensive end-to-end approach to digital security &ndash; one that integrates cyber defense deeply into the enterprise &ndash; has never been greater.&rdquo;</p><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=58304" width="1" height="1">securityaccenturecyberattacksFight the Good Fight Against Ransomwarehttp://www.websitemagazine.com/content/blogs/posts/archive/2016/11/02/fight-the-good-fight-against-ransomware.aspxWed, 02 Nov 2016 13:50:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:58301Pete Prestipino0http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=58301http://www.websitemagazine.com/content/blogs/posts/archive/2016/11/02/fight-the-good-fight-against-ransomware.aspx#comments<p><strong>Extrahop has introduced a new version of their ransomware mitigation offering that will allow enterprises to recover ransomware-encrypted files without a backup.&nbsp;</strong></p>
<hr />
<h4><img style="float:left;" src="http://www.websitemagazine.com/images/blog/subarrow.png" width="20" height="20" alt="" />&nbsp;<a href="http://www.websitemagazine.com/content/blogs/subscribe/default.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent">SUBSCRIBE to Website Magazine &amp; Accelerate &#39;Net Success</a></h4>
<hr />
<p>The solution incorporates the ExtraHop platform&#39;s proprietary Precision Packet Capture capability, allowing companies to detect ransomware attacks in-progress and recover lost files. ExtraHop, customers can now use packets to reconstruct files as they existed immediately before encryption, safely recovering critical data without paying the ransom. The solution even works if there isn&#39;t a recent backup of the affected files. Take that hackers!&nbsp;</p>
<p>&quot;The &#39;human vector&#39; has become a reality for today&#39;s security teams. Just as the common cold will infect at least one person in an office and make its way to others, it&#39;s just as likely that that at least one person in your organization will open an email attachment containing ransomware,&quot; said John Smith, Principal Solutions Architect for Security at <a target="_blank" href="https://extrahop.com">ExtraHop</a>. </p>
<p>&quot;We&#39;ve already worked with customers around the globe to detect ransomware before it can do significant damage. By incorporating Precision Packet Capture into our ransomware solution, ExtraHop now truly puts IT security back in control, helping them detect and short-circuit attacks and rapidly restore impacted files.&quot;</p><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=58301" width="1" height="1">securityextrahopransomwareThe Impact of Cyberattacks is Massivehttp://www.websitemagazine.com/content/blogs/posts/archive/2016/10/14/the-impact-of-cyberattacks-is-massive.aspxFri, 14 Oct 2016 16:20:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:57883Pete Prestipino0http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=57883http://www.websitemagazine.com/content/blogs/posts/archive/2016/10/14/the-impact-of-cyberattacks-is-massive.aspx#comments<p><strong>It seems as though a day does not go by without hearing of some new cyberattack, worse than any one before, of course. It&#39;s a problem and there seems to be absolutely no end in sight. </strong></p>
<p>In a recent survey IT service providers by data protection solution <a href="http://datto.com">Datto</a> revealed today that 91 percent of respondents reported having their clients victimized by ransomware in the past twelve months.</p>
<hr />
<h4><img style="float:left;" src="http://www.websitemagazine.com/images/blog/subarrow.png" width="20" height="20" alt="" />&nbsp;<a href="http://www.websitemagazine.com/content/blogs/subscribe/default.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent">SUBSCRIBE to Website Magazine &amp; Accelerate &#39;Net Success</a></h4>
<hr />
<p>What&#39;s worse is that some 40 percent reported more than half-a-dozen separate attacks during the same time frame. In the United States, these attacks cause $75 billion in damages to small and medium-sized businesses, with downtime from ransomware often costing businesses more than $8,500 per hour. </p>
<p>&ldquo;Ransomware is not about a couple of hacker kids sitting in the basement and messing around,&rdquo; said Austin McChord, Datto&rsquo;s CEO. &ldquo;It&rsquo;s a major enterprise orchestrated by large and well-funded companies, and it&rsquo;s becoming a massive problem for businesses, regardless of industry or geographical location. &rdquo;&nbsp;</p>
<p><em><strong>Additional highlights of the survey include: </strong></em><strong></strong></p>
<ul>
<li>63 percent of survey respondents mentioned that a ransomware attack led to business-threatening downtime</li>
<li>31 percent of respondents replied that they experienced multiple attacks in a single day</li>
<li>The average ransom demanded ranges between $500 and $2,000</li>
</ul>
<p>&nbsp;</p><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=57883" width="1" height="1">securitywm-hostingcyberattackdattoGoogle, HTTPS & The Future of Web Securityhttp://www.websitemagazine.com/content/blogs/posts/archive/2016/09/09/google-https-amp-the-future-of-web-security.aspxFri, 09 Sep 2016 13:40:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:57002Pete Prestipino5http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=57002http://www.websitemagazine.com/content/blogs/posts/archive/2016/09/09/google-https-amp-the-future-of-web-security.aspx#comments<p><strong>Google has drawn a line in the virtual sand, revealing its plan to mark all HTTP sites as non-secure in Chrome starting in Jan. 2017.</strong>
</p>
<hr />
<h4><img style="float:left;" src="http://www.websitemagazine.com/images/blog/subarrow.png" width="20" height="20" alt="" />&nbsp;<a href="http://www.websitemagazine.com/content/blogs/subscribe/default.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent">SUBSCRIBE to Website Magazine &amp; Accelerate &#39;Net Success</a></h4>
<hr />
<p>
Sites that transmit passwords or credit cards that still use HTTP at that time will be marked as &#39;non-secure&#39; and throwing those that have not adopted the protocol into a digital tailspin.
<br /><br />
HTTPS is obviously more secure than HTTP and can protect users from a variety of security issues including content injection, mad-in-the-middle attacks and a host of other data modification threats. Adoption of the protocol however has been somewhat slow among smaller websites.
<br /><br />
The January date caps off over two years of attention to HTTPS for Google. Back in Aug. 2014 the search engine&#39;s algorithm began treating sites with encryption better (providing a slight ranking boost) and it started indexing HTTPS pages by default in late 2015.
<br /><br />
Currently, more than half of Chrome desktop page loads are served over HTTPS according to Google and they obviously are aiming to get the percentage closer to 100 percent.</p>
<h2>Is your website using the HTTPS protocol?</h2>
<p>
Share your thoughts on this development with a comment below!</p><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=57002" width="1" height="1">googlesecuritywm-designdevwm-searchmarketingHTTPSDNSSEC Reflection Presents Severe DDoS Riskhttp://www.websitemagazine.com/content/blogs/posts/archive/2016/08/19/dnssec-reflection-presents-severe-ddos-risk.aspxFri, 19 Aug 2016 14:05:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:56470Pete Prestipino0http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=56470http://www.websitemagazine.com/content/blogs/posts/archive/2016/08/19/dnssec-reflection-presents-severe-ddos-risk.aspx#comments<p><strong>Neustar has released a research <a href="https://hello.neustar.biz/dnssec_report_it_security_lp.html">report</a> detailing how the Domain Name System Security Extensions (DNSSEC) can be subverted as an amplifier in Distributed-Denial-of-Service (DDoS) attacks. </strong></p>
<hr />
<h4><img style="float:left;" src="http://www.websitemagazine.com/images/blog/subarrow.png" width="20" height="20" alt="" />&nbsp;<a href="http://www.websitemagazine.com/content/blogs/subscribe/default.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent">SUBSCRIBE to Website Magazine &amp; Accelerate &#39;Net Success</a></h4>
<hr />
<p>The report revealed that on average, DNSSEC reflection can transform an 80-byte query into a 2,313-bute response, which results in an amplification factor of nearly 30 times. That can cause a network service outage during a DDoS attack.</p>
<p>&ldquo;DNSSEC emerged as a tool to combat DNS hijacking, but unfortunately, hackers have realized that the complexity of these signatures makes them ideal for overwhelming networks in a DDoS attack,&rdquo; said Joe Loveless, Director Product Marketing, Security Services, Neustar. &ldquo;If DNSSEC is not properly secured, it can be exploited, weaponized and ultimately used to create massive DDoS attacks.&rdquo;</p><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=56470" width="1" height="1">securitywm-designdevwm-hostingDetect & Eliminate Digital Adversarieshttp://www.websitemagazine.com/content/blogs/posts/archive/2016/08/01/detect-amp-eliminate-digital-adversaries.aspxMon, 01 Aug 2016 17:23:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:55863Pete Prestipino0http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=55863http://www.websitemagazine.com/content/blogs/posts/archive/2016/08/01/detect-amp-eliminate-digital-adversaries.aspx#comments<p><strong>Accenture and security solution Endgame have created a &quot;threat hunting&quot; as-a-service offering designed to help enterprises eliminate cybersecurity threats in real-time. </strong></p>
<p>Powered by Endgame and operated by cybersecurity hunters at Accenture, the service aims to identify and remove known and never before seen threats that have evaded traditional security methods. </p>
<p>The service provides continuous endpoint monitoring and reporting for targeting attacks, the ability to expose and eliminate active and dormant adversaries that have infiltrated networks, and an actionable list of vulnerabilities and procedures to re-mediate and prevent future attacks. </p>
<p>&ldquo;Today, cyber attackers can circumvent even the most fortified of traditional enterprise defense systems,&rdquo; said Vikram Desai, managing director, Accenture Analytics &ndash; Security Lead. </p>
<hr />
<h4><img height="20" width="20" src="http://www.websitemagazine.com/images/blog/subarrow.png" style="float:left;" alt="" />&nbsp;<a href="http://www.websitemagazine.com/content/blogs/subscribe/default.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent">SUBSCRIBE to Website Magazine &amp; Accelerate &#39;Net Success</a></h4>
<hr />
<p>&quot;Rather than building a taller defensive wall, we&rsquo;re giving our clients the ability to strike first &ndash; to stop adversaries before they attack. Delivering this capability requires two fundamental elements: battle tested experience outmaneuvering enemies and specialized technology that gives you an unfair advantage. With Endgame, this is exactly what our hunting as-a-Service offering delivers. Armed with it, our clients spend less time dealing with threats and more time on innovation and growth.&quot;</p><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=55863" width="1" height="1">securityaccenturewm-designdevendgameConsumers In The Dark About Ransomwarehttp://www.websitemagazine.com/content/blogs/posts/archive/2016/05/26/consumers-in-the-dark-about-ransomware.aspxThu, 26 May 2016 15:45:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:54120Allison Howen1http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=54120http://www.websitemagazine.com/content/blogs/posts/archive/2016/05/26/consumers-in-the-dark-about-ransomware.aspx#comments<hr />
<p><strong>Consumers are in the dark when it comes to ransomware according to a new study from Kaspersky Labs.</strong></p>
<p>The study reveals that 43 percent of connected consumers do not know what ransomware is, while 44 percent said they don&rsquo;t know what data or information could be stolen in a ransomware attack. For reference, ransomware is malware that can restrict access to a computer system so it becomes difficult or impossible to access, and poses a threat to both individuals and businesses.</p>
<p>The <a target="_blank" href="http://usblog.kaspersky.com/usa/files/2016/05/Ransomware-Report-Final.pdf">study</a> surveyed more than 4,000 U.S. and 1,000 Canadian consumers aged 16 or older. The results show that just 16 percent of respondents said ransomware was a cyber threat they were worried about. What&rsquo;s more, just 13 percent of Millennials &ndash; who tend to be tech-savvy &ndash; said they were worried about ransomware in general.</p>
<p>Although many don&rsquo;t know exactly what ransomware is and how it leaves them vulnerable, many consumers would be willing to give up social media permanently to guarantee future protection of their personal digital files. In fact, 26 percent of Americans and 24 percent of Canadians said they would be willing to give up social media to protect themselves.</p>
<p>It is also important to point out that many consumers don&rsquo;t know what to do if a random attack occurs, with the data showing 15 percent of Americans and 17 percent of Canadians think unplugging the computer or turning off their mobile device is the best way to stop an attack.&nbsp;</p>
<p>&ldquo;Right now, ransomware is an epidemic. Although it has been around for more than a decade, we have seen a recent explosion of new ransomware families that is cause for serious concern,&rdquo; said Ryan Naraine, head of the global research and analysis team in the USA, <a target="_blank" href="http://usa.kaspersky.com/">Kaspersky Lab</a>. &ldquo;With this epidemic, the need for increased consumer awareness about ransomware is essential. Consumers today must not only learn about ransomware, but also use solutions to protect themselves against it, including installing internet security, making sure all devices are updated with available software patches, routinely backing up all important digital assets and implementing better user habits.&rdquo;</p>
<p>For those looking to protect themselves or business, check out Website Magazine&#39;s &quot;<a href="http://www.websitemagazine.com/content/blogs/posts/archive/2016/04/14/tips-to-safeguard-against-ransomware.aspx" target="_blank">Tips to Safeguard against Ransomware</a>.&quot;</p>
<hr />
<h4><img style="float:left;" src="http://www.websitemagazine.com/images/blog/subarrow.png" width="20" height="20" alt="" />&nbsp;<a href="http://www.websitemagazine.com/scripts/sub/email_newsletter.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent-oct14">Request Website Magazine&#39;s Free Weekly Newsletters&nbsp;</a></h4>
<hr /><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=54120" width="1" height="1">securitywm-softwarekaspersky labransomwareSay Goodbye to Passwords (Infographic)http://www.websitemagazine.com/content/blogs/posts/archive/2016/05/24/say-goodbye-to-passwords-infographic.aspxTue, 24 May 2016 15:50:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:53995Allison Howen2http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=53995http://www.websitemagazine.com/content/blogs/posts/archive/2016/05/24/say-goodbye-to-passwords-infographic.aspx#comments<hr />
<p><b>Passwords may be going extinct, as a new report from Gigya reveals that 52 percent of consumers would choose anything but a traditional username and password account registration when given the option.</b></p>
<p>The <a href="http://www.gigya.com/resource/whitepaper/death-of-the-password/" target="_blank">&ldquo;Businesses Should Begin Preparing for the Death of the Password&rdquo; study</a> suggests that businesses should consider adopting secure and modern password alternatives like social login, two-factor authentication or biometrics authentication &ndash; which includes fingerprints, voice recognition or iris scanning technology. In fact, 80 percent of consumers who expressed a preference believe biometric authentication is more secure than traditional usernames and passwords.</p>
<p>Additional data found that just 16 percent of respondents follow password best practices with a unique password for each online account. In fact, 6 percent use the same password for all accounts and 63 percent use seven or fewer passwords across accounts. Perhaps the most shocking stat, however, is that just 33 percent of millennials create secure passwords for everything, with the rest using generic or common passwords. Conversely, 42 percent of Generation X and 53 percent of Baby Boomers always create secure passwords.</p>
<p>It is also important to note that the study shed light on security issues, revealing that 26 percent of all respondents have had at least one online account compromised in the past 12 months. When segmented by generation, 35 percent of millennials, 28 percent of Generation X and 18 percent of Baby Boomers reported having online accounts compromised. What&rsquo;s more, the data shows that 68 percent of respondents abandon the creation of an online account due to complex password requirements, while 55 percent abandon a login page because they forgot their passwords or answered a security question incorrectly.</p>
<p>&ldquo;Within the next 10 years, traditional passwords will be dead as an authentication form,&rdquo; said Patrick Salyer, CEO of Gigya. &ldquo;Consumer-focused brands require modern customer identity management infrastructures that support newer, more secure authentication methods, such as biometrics. Businesses that are already using advanced authentication methods demonstrate increased customer registration and engagement while enjoying greater login convenience and security.&rdquo;</p>
<p>Learn more about the report by checking out Gigya&rsquo;s infographic below (click to enlarge):</p>
<p><a href="http://www.websitemagazine.com/images/blog/Deathofpasswordinfographic.png" target="_blank"><img style="vertical-align:middle;margin:5px;" src="http://www.websitemagazine.com/images/blog/Deathofpasswordinfographic.png" height="2912" width="630" alt="" /></a></p>
<hr />
<h4><img src="http://www.websitemagazine.com/images/blog/subarrow.png" style="float:left;" height="20" width="20" alt="" />&nbsp;<a href="http://www.websitemagazine.com/scripts/sub/email_newsletter.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent-oct14">Request Website Magazine&#39;s Free Weekly Newsletters&nbsp;</a></h4>
<hr /><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=53995" width="1" height="1">securitygigyainfographicsocial loginpasswordwm-socialmediabiometric authenticationWordPress Offers HTTPS to Custom Domainshttp://www.websitemagazine.com/content/blogs/posts/archive/2016/04/11/wordpress-offers-https-to-custom-domains.aspxMon, 11 Apr 2016 18:00:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:52814Allison Howen2http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=52814http://www.websitemagazine.com/content/blogs/posts/archive/2016/04/11/wordpress-offers-https-to-custom-domains.aspx#comments<hr />
<p><b>WordPress.com is offering free HTTPS for all custom domains hosted on its site in an effort to bring the security and performance of modern encryption to every blog and website.</b></p>
<p>WordPress points out that strong encryption protects users in various ways, including defending against surveillance of content and communications, cookie theft, account hijacking and other Web security flaws. Although WordPress has supported encryption for sites using WordPress.com subdomains since 2014, the newest announcement expands encryption to the many custom domains hosted on WordPress.com. What&rsquo;s more, the change is automatic, which means site owners won&rsquo;t need to do anything for it to take effect.</p>
<p>&ldquo;The Let&rsquo;s Encrypt project gave us an efficient and automated way to provide SSL certificates for a large number of domains. We launched the first batch of certificates in January 2016 and immediately started working with Let&rsquo;s Encrypt to make the process smoother for our massive and growing list of domains,&rdquo; WordPress said in <a href="https://en.blog.wordpress.com/2016/04/08/https-everywhere-encryption-for-all-wordpress-com-sites/" target="_blank">its announcement</a>. &ldquo;For you, the users, that means you&rsquo;ll see secure encryption automatically deployed on every new site within minutes. We are closing the door to un-encrypted web traffic (HTTP) at every opportunity.&rdquo;</p>
<p>WordPress notes that site owners should keep an eye out for this feature on their custom domains. Once a site is HTTPS-enabled, users will see a green lock icon in their browser&rsquo;s address bar. Then all plain text HTTP requests will automatically be redirected to their encrypted counterpart. Plus, WordPress says that it will transparently handle all the complexities of SSL certificate management.</p>
<hr />
<h4><img src="http://www.websitemagazine.com/images/blog/subarrow.png" style="float:left;" height="20" width="20" alt="" />&nbsp;<a href="http://www.websitemagazine.com/scripts/sub/email_newsletter.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent-oct14">Request Website Magazine&#39;s Free Weekly Newsletters&nbsp;</a></h4>
<hr /><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=52814" width="1" height="1">securitywordpresswm-designdevHTTPSGoogle reCAPTCHA Crackedhttp://www.websitemagazine.com/content/blogs/posts/archive/2016/04/07/google-recaptcha-cracked.aspxThu, 07 Apr 2016 18:45:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:52737Pete Prestipino0http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=52737http://www.websitemagazine.com/content/blogs/posts/archive/2016/04/07/google-recaptcha-cracked.aspx#comments<p><b>Security researches have come up with an automated attack that can reportedly beat the CAPTCHA system used by Google and Facebook.&nbsp;</b></p>
<p>On Google&#39;s reCAPTCHA system, which is used by millions of websites, the researchers recorded a 70.78 percent success rate over 2,235 CAPTCHAs with an average solving time of just 19.2 seconds.&nbsp;</p>
<p>The researchers fared even better on Facebook&#39;s system with a success rate of 83.5 percent on over 200 CAPTCHAs.</p>
<hr />
<h4><img style="float:left;" src="http://www.websitemagazine.com/images/blog/subarrow.png" height="20" width="20" alt="" />&nbsp;<a href="http://www.websitemagazine.com/content/blogs/subscribe/default.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent">SUBSCRIBE to Website Magazine &amp; Accelerate &#39;Net Success</a></h4>
<hr />
<p>For attackers, the whole automated system would cost only $110 a day, per IP address, and would allow them to crack around 63,000 CAPTCHAs in 24 hours from one IP address without being detected and getting banned.</p>
<p>Suphannee Sivakorn, Jason Polakis, and Angelos D. Keromytis are the three experts behind this research. Their paper called I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs, is available Columbia University&#39;s Department of Computer Science website.</p><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=52737" width="1" height="1">googlesecurityfacebookcaptchawmfeaturerecaptchaUsing Shared Intelligence to Combat Cybercrimehttp://www.websitemagazine.com/content/blogs/posts/archive/2016/03/07/using-shared-intelligence-to-combat-cybercrime.aspxMon, 07 Mar 2016 19:00:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:51742Pete Prestipino0http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=51742http://www.websitemagazine.com/content/blogs/posts/archive/2016/03/07/using-shared-intelligence-to-combat-cybercrime.aspx#comments<p><strong>Web workers have a new tool in their fight against cybercrime. </strong></p>
<p>Digital identity solution ThreatMetrix released the Digital Identity Graph recently, a graph framework for anonymized global digital identities on the &#39;Net. </p>
<hr />
<h4><img style="float:left;" src="http://www.websitemagazine.com/images/blog/subarrow.png" width="20" height="20" alt="" />&nbsp;<a href="http://www.websitemagazine.com/content/blogs/subscribe/default.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent">SUBSCRIBE to Website Magazine &amp; Accelerate &#39;Net Success</a></h4>
<hr />
<p>The Digital Identity Graph essentially maps the billions of &quot;identity&quot; associations among people and their communication devices, account credentials, telephone numbers, physical addresses and the businesses with which they interact. ThreatMetrix will be able to define digital persona relationships on a global scale, enabling businesses to identify fraud and cyberattacks without compromising privacy.</p>
<p>&ldquo;Establishing authentication in today&rsquo;s global and digital economy is incredibly complex &ndash; ask anyone working in fraud prevention, enterprise information technology, or even the front lines of small businesses all over the world,&rdquo; said Armen Najarian, chief marketing officer. &ldquo;We believe that our achievements mapping the Digital Identity Graph will pave the way for broad industry adoption and aid in solving unique authentication challenges confronting the public and private sectors.&rdquo;</p>
<p>&nbsp;</p><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=51742" width="1" height="1">securitythreatmetrixwm-ecommerceSecurity Panel in Chrome 48http://www.websitemagazine.com/content/blogs/posts/archive/2016/01/28/security-panel-in-chrome-48.aspxThu, 28 Jan 2016 14:14:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:50582Pete Prestipino1http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=50582http://www.websitemagazine.com/content/blogs/posts/archive/2016/01/28/security-panel-in-chrome-48.aspx#comments<p><strong>Google is rolling out a new security panel in the DevTools section of Chrome 48 that is designed to make it easy for developers to deploy HTTPS on their websites and services. </strong></p>
<p>Secure connections are a necessity today to decrease the risk of users being vulnerable to content injection (the result of that being eavesdropping, man-in-the-middle attacks, and other data modifications). What&#39;s more, HTTPS is also playing an increasingly important role in Google search algorithm, prioritizing encrypted sites with a ranking boost and in late December indicated that it has started indexing HTTPS pages by default (Google Search now crawls HTTPS equivalents of HTTP pages, even when the former are not linked to from any page). </p>
<hr />
<h4><img style="float:left;" src="http://www.websitemagazine.com/images/blog/subarrow.png" width="20" height="20" alt="" />&nbsp;<a href="http://www.websitemagazine.com/content/blogs/subscribe/default.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent">SUBSCRIBE to Website Magazine &amp; Accelerate &#39;Net Success</a></h4>
<hr />
<p>The new security panel displays connection information for every network request in an effort to identify potential connection errors. If there is no green lock in Chrome, DevTools will provide the reason why. For example, there might be a certificate violation (which shows whether a site has proven its identity with a TLS certificate), the TLS connection (which shows whether a site uses a modern and secure protocol and ciphersuite), and subresource security (which indicates whether a site loads insecure HTTP subresources). </p>
<p>&nbsp;</p><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=50582" width="1" height="1">securitysslchromewm-softwarewm-designdevwm-hostingHTTPSNew Zen Cart Vulnerability; Thousands of Online Retail Sites in Jeopardyhttp://www.websitemagazine.com/content/blogs/posts/archive/2015/11/27/new-zen-cart-vulnerability-thousands-of-online-retail-sites-in-jeopardy.aspxFri, 27 Nov 2015 16:45:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:49216Pete Prestipino4http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=49216http://www.websitemagazine.com/content/blogs/posts/archive/2015/11/27/new-zen-cart-vulnerability-thousands-of-online-retail-sites-in-jeopardy.aspx#comments<p><strong>Security firm High-Tech Bridge issued a warning to retailers and shoppers about a critical vulnerability in the Zen Cart Shopping management system.&nbsp;</strong></p>
<p>The security flaw could allow remote attackers to infiltrate web servers and gain access to customer data.&nbsp;</p>
<p>Servers running Zen Cart are also at risk of malware, meaning that hundreds of thousands of ecommerce sites pose a potential danger. That&#39;s not good for e-commerce merchants using the platform with the holiday shopping season in full force. </p>
<p>Technical details of the vulnerability are not yet being made public, but having notified Zen Cart of the issue High-Tech Bridge says the date of full public disclosure is 16 December.</p>
<p>Zen Cart was quick to issue a patch that it announced on Twitter.&nbsp;</p>
<hr />
<h4><img style="float:left;" src="http://www.websitemagazine.com/images/blog/subarrow.png" width="20" height="20" alt="" />&nbsp;<a href="http://www.websitemagazine.com/content/blogs/subscribe/default.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent">SUBSCRIBE to Website Magazine - 12 Issues FREE</a></h4>
<hr />
<blockquote class="twitter-tweet">
<p dir="ltr">Security patch announcement for Zen Cart v1.5.4 - small patch available to apply quickly. <a href="https://t.co/14IN6hP005">https://t.co/14IN6hP005</a></p>
&mdash; Zen Cart (@ZenCart) <a href="https://twitter.com/ZenCart/status/669967301593165825">November 26, 2015</a></blockquote>
<p>
<script src="http://platform.twitter.com/widgets.js"></script>
</p><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=49216" width="1" height="1">securityzen cartwm-ecommerceWhere is Fraud the Worst?http://www.websitemagazine.com/content/blogs/posts/archive/2015/10/21/where-is-fraud-the-worst.aspxWed, 21 Oct 2015 14:38:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:48338Pete Prestipino0http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=48338http://www.websitemagazine.com/content/blogs/posts/archive/2015/10/21/where-is-fraud-the-worst.aspx#comments<hr />
<p><strong>You might want to keep a close eye on orders you receive from Alaska and Delaware this holiday season.</strong></p>
<p>Machine-learning fraud detection provider Sift Science released a new report, titled &quot;The United States of Fraud,&quot; which analyzed online transactions from August 2014 to August 2015 (collecting information from 1.3 million transactions that included shipping or billing addresses in the United States) and identified several interesting fraud patterns, regions, purchase ranges and profiles.</p>
<p>&quot;Fraudsters are enjoying success in the ever-changing online playground as the e-commerce marketplace ecosystem grows,&quot; said Jason Tan, CEO and co-founder of Sift Science. &quot;We continue to see fraud behavior consistent across various industries, and reveal identifying factors that help us track and score today&#39;s most advanced fraudsters for our customers. This not only helps our customers understand the risk of each transaction made on their websites, but also automate business decisions based on that risk. As a result, this data not only showcases typical fraudulent behavior, but allows some of today&#39;s premier online retailers to deliver a better customer experience to good users.&quot;</p>
<p>Highlights from the study include: </p>
<p>+ Alaska has the highest fraud rate based on billing address while Delaware has the highest fraud rate based on shipping address.</p>
<p>+ 3 a.m. is the worst time of day for fraud, regardless of time zone. Also, fraudsters are more likely to transact during the weekdays</p>
<p>+ Users identifying themselves in the 85-90 age range are two-and-a-half times more likely to be fraudsters than the average user.</p>
<p>+ A user with two to four accounts linked to one device is eight times more likely to be fraudulent.</p>
<p>+ Purchases worth $0-25 are twice as likely to be fraudulent, suggesting criminals test stolen credits cards for validity, trying low-value orders.</p>
<hr />
<h4><img style="float:left;" src="http://www.websitemagazine.com/images/blog/subarrow.png" width="20" height="20" alt="" />&nbsp;<a href="http://www.websitemagazine.com/scripts/sub/email_newsletter.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent-oct14">Request Website Magazine&#39;s Free Weekly Newsletters&nbsp;</a></h4>
<hr /><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=48338" width="1" height="1">securityfraudwm-ecommercesift scienceQUICK HIT: Adobe Issues Flash Patchhttp://www.websitemagazine.com/content/blogs/posts/archive/2015/10/19/quick-hit-adobe-issues-flash-patch.aspxMon, 19 Oct 2015 12:54:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:48302Pete Prestipino0http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=48302http://www.websitemagazine.com/content/blogs/posts/archive/2015/10/19/quick-hit-adobe-issues-flash-patch.aspx#comments<p><strong>The latest Flash vulnerability has been fixed according to a <a href="https://helpx.adobe.com/security/products/flash-player/apsb15-27.html?PID=7649589">security bulletin</a> from Adobe. </strong></p>
<p>Reports emerged late last week that Flash on Windows, Mac and Linux all had a critical vulnerability that could cause a crash and potentially allow attackers to take control of affected systems - the worst of all security vulnerabilities. </p>
<hr />
<h4><img style="float:left;" src="http://www.websitemagazine.com/images/blog/subarrow.png" width="20" height="20" alt="" />&nbsp;<a href="http://www.websitemagazine.com/content/blogs/subscribe/default.aspx?utm_source=website&amp;utm_medium=content&amp;utm_campaign=WMcontent">SUBSCRIBE to Website Magazine - 12 Issues FREE</a></h4>
<hr />
<p>Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to &#39;Allow Adobe to install updates&#39; will receive the update automatically. Users who do not have the &#39;Allow Adobe to install updates&#39; option enabled can install the update via the update mechanism within the product when prompted.</p><div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=48302" width="1" height="1">adobesecurityflashwm-designdevwm-hosting